Maven release with jenkins slave and Credentials : how to pass SCM credentials to maven?

Question

I'm using a Jenkins master/slave setup. I'd like Jenkins to have one "source" of information for credentials. Not keys/passwords scattered all over the place.

So, I don't want to define my SCM in Jenkins (with credentials from the Jenkins Credential provider) and then again in the pom.xml/settings.xml/id_rsa.pem depending on job. Everybody likes to make their own way of doing things and we end up with copies of the keyfile or passwords all over the place. Sooner or later someone pushes a pom to a public repo and our server is compromised...

I cannot see a maintainable way of getting the credentials out of Jenkins into somewhere maven release plugin can use them. What am I missing? (maven release fails when trying to push the tags to git

[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] Permission denied (publickey).

)

I could obviously define a "file" that gets installed on the slave that contains the pem (I can think of several ways to do that) but then I have a maintenance headache when we rotate keys to remember it's in multiple locations. Otherwise, snapshots work for a month and then the release fails and nobody can figure why mvn suddenly can't push to git.

(NB it's key login only, no passwords)

Answer 1

Spent all morning trying to figure this out, then spot the "SSH Agent" tick box on the "Build environment" section. Tick it, and give the right credential and it works. I considered deleting the question, but after reading lots of other high maintenance suggestions (involving copies of the .pem file) I thought I'd leave it.